前段時間有位朋友問我，如何從 dump 中提取出哪些和機器相關的信息？比如：機器內存大小，cpu核數，機器名，機器的環境變量 等等。

那如何提取到里面的信息呢？當然我也沒說全部可以提取的到。。。這里就拿自己的機器舉例吧：

1. 如何提取 cpu 核數

windbg 中有一個 !cpuid 命令，可以提取出cpu的相關信息。

0:006>?!cpuid CP??F/M/S??Manufacturer?????MHz0??6,5,2??GenuineIntel????25921??6,5,2??GenuineIntel????25922??6,5,2??GenuineIntel????25923??6,5,2??GenuineIntel????25924??6,5,2??GenuineIntel????25925??6,5,2??GenuineIntel????25926??6,5,2??GenuineIntel????25927??6,5,2??GenuineIntel????25928??6,5,2??GenuineIntel????25929??6,5,2??GenuineIntel????2592 10??6,5,2??GenuineIntel????2592 11??6,5,2??GenuineIntel????2592

可以看出，當前cpu為12核，廠家為intel，兆赫=2592。

2. 如何提取機器名

windbg中有一個命令叫 !envvar ，可用于獲取指定的環境變量,比如這里的 COMPUTERNAME 啦。

0:006>?!envvar?COMPUTERNAMECOMPUTERNAME?=?SD-20210607OIBM

3. 如何提取機器環境變量

從上面的 !envvar 用法中你應該能感觸到，既然能提取環境變量，那能不能獲取到所有的環境變量呢？當然可以了哈。用 !peb，也就是 Process Environment Block。

0:006>?!peb PEB?at?002af000InheritedAddressSpace:????NoReadImageFileExecOptions:?NoBeingDebugged:????????????YesImageBaseAddress:?????????00400000NtGlobalFlag:?????????????4070NtGlobalFlag2:????????????0Ldr???????????????????????77975d80Ldr.Initialized:??????????YesLdr.InInitializationOrderModuleList:?006e4f68?.?0075e630Ldr.InLoadOrderModuleList:???????????006e5060?.?0075bae8Ldr.InMemoryOrderModuleList:?????????006e5068?.?0075baf0Base?TimeStamp?????????????????????Module400000?D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe77850000?5f641e44?Sep?18?10:41:08?2020?C:\Windows\SYSTEM32\ntdll.dll7c570000?C:\Windows\SYSTEM32\MSCOREE.DLL75ac0000?C:\Windows\System32\KERNEL32.dll76900000?197b16c5?Jul?20?05:12:37?1983?C:\Windows\System32\KERNELBASE.dll76880000?C:\Windows\System32\ADVAPI32.dll75740000?7f567a50?Sep?12?21:10:40?2037?C:\Windows\System32\msvcrt.dll76170000?56a91365?Jan?28?02:58:45?2016?C:\Windows\System32\sechost.dll76c20000?C:\Windows\System32\RPCRT4.dll7c5d0000?5e7d1df2?Mar?27?05:26:10?2020?C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll758a0000?C:\Windows\System32\SHLWAPI.dll76490000?3d49eb55?Aug?02?10:15:49?2002?C:\Windows\System32\kernel.appcore.dll74b60000?C:\Windows\SYSTEM32\VERSION.dll79a40000?5f7e61bb?Oct?08?08:47:55?2020?C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll76650000?1e757656?Mar?12?20:28:06?1986?C:\Windows\System32\USER32.dll764d0000?55cf9768?Aug?16?03:47:52?2015?C:\Windows\System32\win32u.dll75480000?1baae673?Sep?16?20:15:47?1984?C:\Windows\System32\GDI32.dll764f0000?C:\Windows\System32\gdi32full.dll7a210000?5bac17e1?Sep?27?07:36:01?2018?C:\Windows\SYSTEM32\ucrtbase_clr0400.dll7a1f0000?5bac17e5?Sep?27?07:36:05?2018?C:\Windows\SYSTEM32\VCRUNTIME140_CLR0400.dll75810000?C:\Windows\System32\msvcp_win.dll77500000?73123758?Mar?06?22:27:36?2031?C:\Windows\System32\ucrtbase.dll764a0000?39046a45?Apr?24?23:37:41?2000?C:\Windows\System32\IMM32.DLL7a2c0000?5f7e60f6?Oct?08?08:44:38?2020?C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\218db16dceaef380c6daf35c6a48f313\mscorlib.ni.dll762a0000?4f8dda94?Apr?18?05:03:16?2012?C:\Windows\System32\ole32.dll754b0000?2f680839?Mar?16?17:43:21?1995?C:\Windows\System32\combase.dll76b80000?C:\Windows\System32\bcryptPrimitives.dll7b6d0000?5f7e60c1?Oct?08?08:43:45?2020?C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll77750000?C:\Windows\System32\OLEAUT32.dllSubSystemData:?????00000000ProcessHeap:???????006e0000ProcessParameters:?006e29b8CurrentDirectory:??'C:\Windows\system32\'WindowTitle:??'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'ImageFile:????'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'CommandLine:??'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'DllPath:??????'<?Name?not?readable?>'Environment:??006e0b80=::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\Administrator\AppData\RoamingASPNETCORE_ENVIRONMENT=DevelopmentCLASSPATH=.;C:\Program?Files\Java\jdk1.8.0_121\lib\dt.jar;C:\Program?Files\Java\jdk1.8.0_121\lib\tools.jar;CommonProgramFiles=C:\Program?Files?(x86)\Common?FilesCommonProgramFiles(x86)=C:\Program?Files?(x86)\Common?FilesCommonProgramW6432=C:\Program?Files\Common?FilesCOMPUTERNAME=SD-20210607OIBMComSpec=C:\Windows\system32\cmd.exeDBGENG_OVERRIDE_DBGSRV_PATH=C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps\Microsoft.WinDbg_8wekyb3d8bbwe\dbgsrv32.exeDBGHELP_HOMEDIR=C:\ProgramData\DbgDriverData=C:\Windows\System32\Drivers\DriverDataHOMEDRIVE=C:HOMEPATH=\Users\AdministratorJAVA_HOME=C:\Program?Files\Java\jdk1.8.0_121LOCALAPPDATA=C:\Users\Administrator\AppData\LocalLOGONSERVER=\\SD-20210607OIBMMOZ_PLUGIN_PATH=C:\Program?Files?(x86)\Foxit?Software\Foxit?Reader\plugins\NUMBER_OF_PROCESSORS=12OneDrive=C:\Users\Administrator\OneDriveOS=Windows_NTPath=C:\Program?Files\WindowsApps\Microsoft.WinDbg_1.2107.13001.0_neutral__8wekyb3d8bbwe\x86;C:\Program?Files\WindowsApps\Microsoft.WinDbg_1.2107.13001.0_neutral__8wekyb3d8bbwe\amd64;C:\Program?Files?(x86)\VMware\VMware?Workstation\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program?Files?(x86)\NVIDIA?Corporation\PhysX\Common;C:\Program?Files\NVIDIA?Corporation\NVIDIA?NvDLISR;C:\Program?Files\dotnet\;C:\Program?Files\Microsoft?SQL?Server\Client?SDK\ODBC\170\Tools\Binn\;C:\Program?Files\Git\cmd;C:\soft\procdump;C:\Program?Files\Java\jdk1.8.0_121\bin;C:\Program?Files\Java\jdk1.8.0_121\jre\bin;C:\Program?Files\nodejs\;C:\Program?Files?(x86)\Microsoft?SQL?Server\150\Tools\Binn\;C:\Program?Files\Microsoft?SQL?Server\150\Tools\Binn\;C:\Program?Files\Microsoft?SQL?Server\150\DTS\Binn\;C:\Program?Files?(x86)\Microsoft?SQL?Server\150\DTS\Binn\;C:\Program?Files\Azure?Data?Studio\bin;C:\Program?Files?(x86)\Microsoft?SQL?Server\100\Tools\Binn\;C:\Program?Files\Microsoft?SQL?Server\100\Tools\Binn\;C:\Program?Files\Microsoft?SQL?Server\100\DTS\Binn\;C:\Program?Files?(x86)\Microsoft?SQL?Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program?Files?(x86)\Microsoft?Visual?Studio?9.0\Common7\IDE\PrivateAssemblies\;C:\Program?Files?(x86)\Microsoft?SQL?Server\100\DTS\Binn\;C:\Program?Files?(x86)\Visual?Leak?Detector\bin\Win32;C:\Program?Files?(x86)\Visual?Leak?Detector\bin\Win64;C:\Program?Files\TortoiseGit\bin;C:\Program?Files\Microsoft\Web?Platform?Installer\;C:\soft\nginx;C:\Program?Files?(x86)\dotnet\;C:\Program?Files?(x86)\NetSarang\Xshell?7\;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps;C:\Users\Administrator\.dotnet\tools;C:\Users\Administrator\AppData\Local\Programs\Microsoft?VS?Code\bin;C:\Users\Administrator\AppData\Roaming\npmPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=x86PROCESSOR_ARCHITEW6432=AMD64PROCESSOR_IDENTIFIER=Intel64?Family?6?Model?165?Stepping?2,?GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=a502ProgramData=C:\ProgramDataProgramFiles=C:\Program?Files?(x86)ProgramFiles(x86)=C:\Program?Files?(x86)ProgramW6432=C:\Program?FilesPSModulePath=C:\Program?Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program?Files?(x86)\Microsoft?SQL?Server\150\Tools\PowerShell\Modules\PUBLIC=C:\Users\PublicSRCSRV_SHOW_TF_PROMPT=1SystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\ADMINI~1\AppData\Local\TempTMP=C:\Users\ADMINI~1\AppData\Local\TempUSERDOMAIN=SD-20210607OIBMUSERDOMAIN_ROAMINGPROFILE=SD-20210607OIBMUSERNAME=AdministratorUSERPROFILE=C:\Users\Administratorwindir=C:\WindowsWXDRIVE_START_ARGS=--wxdrive-setting=0?--disable-gpu?--disable-software-rasterizer?--enable-features=NetworkServiceInProcessZES_ENABLE_SYSMAN=1

哈哈，這信息是不是相當多。。。。

4. 其他信息

很遺憾的是，我目前還不知道從 dump 中提取出當前機器的內存大小，如果有知道的，可以聊一聊。

總結

以上是生活随笔為你收集整理的如何从一个 C# 的 dump 中挖到机器相关的信息？的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。